Earlier this year, WestJet revealed that some of its passengers were affected by a cyberattack that resulted in the theft…
Security
Adobe has issued a new set of security patches addressing more than 60 vulnerabilities across 13 of its widely used…
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one…
The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take…
Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a…
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in…
Microsoft has disclosed a serious vulnerability in its collaboration platform, Microsoft Teams, that could open the door to Remote Code…
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege…
MedusaLocker, the ransomware-as-a-service group that has been active since 2019 is openly recruiting for penetration testers to help it compromise…
Cybersecurity researchers have discovered a new malvertising campaign that’s designed to infect victims with a multi-stage malware framework called PS1Bot.…
Fortinet has urgently notified users of a critical OS command injection vulnerability in its FortiSIEM platform, identified as CVE-2025-25256, which…
A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to…
CVE ID : CVE-2025-8879
Published : Aug. 13, 2025, 3:15 a.m. | 22 hours, 1 minute ago
Description : Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8880
Published : Aug. 13, 2025, 3:15 a.m. | 22 hours ago
Description : Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8882
Published : Aug. 13, 2025, 3:15 a.m. | 22 hours ago
Description : Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8901
Published : Aug. 13, 2025, 3:15 a.m. | 22 hours ago
Description : Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-7384
Published : Aug. 13, 2025, 5:15 a.m. | 20 hours, 1 minute ago
Description : The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6715
Published : Aug. 13, 2025, 6:15 a.m. | 19 hours, 1 minute ago
Description : The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6184
Published : Aug. 13, 2025, 7:15 a.m. | 18 hours, 1 minute ago
Description : The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Tutor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only the Pro version is affected.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-8760
Published : Aug. 13, 2025, 7:15 a.m. | 18 hours, 1 minute ago
Description : A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…